[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: what's your Debian uptime?

> > > Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux
> > > 
> > >  22:35:31 up 412 days, 10:05,  1 user,  load average: 1.18, 0.97, 0.44  
> > 
> > So you are over a year behind in installing security updates for the
> > kernel. (I know, if your machine doesn't have untrusted users and is
> > well removed or disconnected from the internet, then that doesn't really
> > matter).  
> This must not be so. Look, In my case I used a self compiled kernel, with very 
> few modules. And as the only security holes have been in kernel modules, I did 
> not compile, I needed not to install a new kernel. Those modules were just not 
> existent. KISS-style. It makes things more secure!

If you use a minimal config then I could believe that but bear in mind
Linus famous words of "a bugs a bug". Having looked for security issues
in a timely manner myself and having heard someone being very vocal
about a security related too like polkit having had atleast one
security bug fixed silently. I would still update. I wondered about
ksplice once but I believe security restrictions, perhaps grsecurity
prevented it from being used which made sense to me.

OpenBSD has only had something like two holes in over a decade which is
nice for uptime.


'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

Reply to: